Solved

My system is infected with a virus and I can't seem to clean it up.

Posted on 2007-03-20
Last Modified: 2013-12-28
One of my NT 4.0 servers is infected with the w32.spybot.ALRD virus and I can't delete or quarantine it. I have run the latest updates and even tried removing it manually from the registry, but I have had no luck. Any ideas on what I can do to clean this up?
Question by:frankbustos
 
LVL 6

Expert Comment

by:bgbeer
ID: 18761243
The first thing you need to do is to find a Bart's PE, ERD Commander or a Linux bootable CD,
something that will give you access to the hard drive while keeping it inactive so that you can remove the virus.
 
LVL 6

Accepted Solution

by:
bgbeer earned 500 total points
ID: 18761273
Let me back up a minute!
The first thing I would do is to unplug this server from the network, because it is a network-aware worm that can and will spread to all other computers on the network.

After that you need to pull the RAM and the CMOS battery and let it sit for 10 minutes or so to empty all memory.
At that point, find yourself a bootable CD that will keep your hard drive inactive while working with it.
 
LVL 6

Expert Comment

by:bgbeer
ID: 18761309
The other thing that more than likely will need to be done is to reinstall
 

Author Comment

by:frankbustos
ID: 18761414
Hi bgbeer,
   OK, I will get it off the network, then boot it with the ERD Commander CD and see if I can delete the virus that way. I will let you know the results tomorrow as I'm off work for the rest of the evening.
 
LVL 6

Expert Comment

by:bgbeer
ID: 18761431
Frank, after booting to ERD Commander, the first thing I would do is to check for running processes.

With ERD Commander you will have restore points; I would use them.
 

Author Comment

by:frankbustos
ID: 18761518
bgbeer,

  Sounds good, I will do that.
Thanks.
 
LVL 6

Expert Comment

by:bgbeer
ID: 18761547
No problem.

Good luck.
 

Author Comment

by:frankbustos
ID: 18773188
Thanks bgbeer, I was able to clean out the system and get it back to normal.
 
LVL 6

Expert Comment

by:bgbeer
ID: 18777240
Glad I could help.